Hide Forgot
Created attachment 1153085 [details] 01 Upstream bug which was marked as invalid: https://bugs.launchpad.net/horizon/+bug/1415588 Knowledge base article: https://access.redhat.com/solutions/2287551 ======================================================= "Text from the knowledge base article: When managing users with IDM and integrate IDM as identity provider, a project admin in Openstack gets the following message while retrieving the user list from Horizon dashboard. Raw Error: Unauthorized: Unable to retrieve user list. Why every time a project admin tries to retrieve the Identity/Users tab in Horizon is getting failed with following message in /var/log/keystone/keystone.log file ? Raw 2016-04-27 12:42:40.237 14936 WARNING keystone.common.controller [-] No domain information specified as part of list request 2016-04-27 12:42:40.238 14936 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. (Disable debug mode to suppress these details.) (Disable debug mode to suppress these details.) from 10.x.x.x. Resolution This is expected behaviour, we need to set the domain context in horizon dashboard before trying to list the users. Raw 1) Identity --> Domains --> Click on "Set Domain Context" corresponding to domain on which users are present. 2) Once this domain is selected then click on "users" tab to see the users present." ======================================================= See screenshots 04 - 08 (attachments). Even though this might be "correct" behaviour, I'm opening this bug because the error message is distubing for users. If this is expected behaviour, then we shouldn't see an error message, but a warning / instruction of how to do it right. Alternatively, users should be able to choose their default domain context and not be confronted with this issue at all. ======================================================= There is an additional issue: When users change /etc/openstack-dashboard/local_settings to OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = '<ACTIVE_DIRECTORY_DOMAIN>' then there is no way to select "Set Domain Context" under "Domains". Please refer to screenshots 01 to 03.
Created attachment 1153086 [details] 02
Created attachment 1153087 [details] 03
Created attachment 1153088 [details] 04
Created attachment 1153089 [details] 05
Created attachment 1153090 [details] 06
Created attachment 1153092 [details] 07
Created attachment 1153093 [details] 08
Closing. If this still seems like an issue, please re-open. This is part of a bug closing action due to lack of resources. Age >3 months + Priority < High + No active customer reference